The invention relates in particular to a method and a system which make available the safety and the user friendliness of a biometric authentication of users via a generic interface to Internet applications (i.e. to almost any applications, provided they are connected to the Internet) which, inherently, do not have a local biometric authentication at their disposal. A starting point for the invention is the continuously increasing widespread use of biometric readers which, in the meantime, are increasingly employed even in smart phones. In general, however, at present biometric authentication in correspondingly equipped mobile terminals is used only for local applications, for instance in order to control the access to the terminal itself. It is typical for such local applications that the authentication process is initiated at the terminal, i.e., as a result of an interaction with the mobile terminal itself the user is requested to input a biometric security feature (wherein also said input itself can be used as an initial interaction, for instance when unlocking a device). External applications are not granted a direct access from the outside to the biometric readers—also because of safety reasons—so that such applications still have to rely on other authentication mechanisms, as for instance the input of a password. In order to be able to use a biometric authentication, it would be necessary to relocate the applications at least in part to the terminal so that at least the authentication steps could be performed locally. This, however, means a comparatively high expenditure for the individual applications which—considering the diverse terminals which, for the most part, are not (yet) equipped with suitable installations—is hardly economically viable.
Such a method is for instance shown in EP 1 102 150 A2, wherein the method shown therein has some shortcomings, as it is not possible to confirm certain transactions, but it is only possible to identify the user in general. In this case, the authentication method is not transparent for the shown application, as the address of the mobile terminal is determined by the application or has to be known to the application so that the application can initiate an authentication. Accordingly, a direct trust has to be established also between the application and the mobile terminal (e.g. by a corresponding key exchange). Moreover, it cannot be inferred from EP 1 102 150 A2 how an identification by means of a fingerprint is used for an authentication with respect to the application.
The invention is based on the idea to make available the possibility of a biometric authentication via an authentication service which is virtually used as an intermediary agent, wherein the linkage to the authentication service can preferably be effected via authentication interfaces and protocols already widely spread for other purposes. The connection of an existing application to such an authentication service is realizable in a comparatively simple way, and, in many cases, it is already present for other authentication services.
Basically, such central authentication services which facilitate the authentication of a user via a mobile terminal for external applications have also already been known. For instance, US 2003/0061163 A1 shows a method in which credit card transactions can be confirmed or approved in real time via a mobile terminal, wherein the payment will only be concluded after the approval. In the course of this method, the owner of the credit card, with which a payment was made at a merchant, is contacted via a central agency and is requested to confirm the transaction or to deny it.
Also U.S. Pat. No. 7,447,784 B2 describes a method and a system for authenticating an Internet user, wherein for instance in case of a purchase on a website or in case of an application the identity of the user is verified via an authentication service of a cellular phone service provider or a cellular network operator, wherein the authentication server sends an authentication query to the cellular phone of the user who has to reply to said authentication request with a password for approval.
In the method described in WO 2010/004576 A1, the input of a PIN by the user and the transmittal thereof (of the PIN) back to the authentication server is provided, i.e. no authentication of the user is carried out at the terminal, but the terminal serves only as an input device in the course of the authentication of the user for an authentication performed at the authentication server.
Also US 2011/0022484 A1, US 2010/0267362 A1 and US 2009/0287599 A1 each show methods in which no authentication of the user at the terminal is carried out.
In the method known from WO 2012/123727 A1 either also the input authentication feature is transmitted to a server and said server makes the authentication decision, with the disadvantage that—in particular in case of biometric security features—the deposit of security features at the server leads to data protection problems; or the terminal makes the authentication decision locally and only informs the server of the result, so that no longer any authentication is carried out at the server, with the disadvantage that the server has to fully trust the authentication at the terminal.
It is an object of the invention to propose a method or a system which makes available the advantages of a biometric authentication to an external application, and, at the same time, avoids the disadvantages which are connected in particular with the initial set-up of such a method—which is necessary for a secure authentication—between the application and the mobile terminal (and, thus, significantly reduce the acceptance of such methods and systems).
Said object is solved according to the invention in a method of the kind as mentioned at the beginning by the fact that an application transmits a query comprising identification data to an authentication service, the authentication service determines the address of a mobile terminal linked to the user on the basis of the identification data (wherein in this context any information by means of which it is possible to get into contact with the mobile terminal is regarded as an address, e.g. an IP address, a telephone number, a hardware address or comparable data) and transmits a request comprising a transaction identifier to the mobile terminal, the mobile terminal (or an authentication application installed in the mobile terminal) performs an enquiry for input of a biometric security feature, grants access to a private key saved on the mobile terminal upon input of a valid security feature, signs the transaction identifier using the private key and transmits the signed transaction identifier back to the authentication service, and the authentication service verifies the signature of the signed transaction identifier and, in the case of the presence of an authentic signature, transmits a confirmation of the query back to the application. 
Accordingly, the above object is solved according to the invention in a system of the kind mentioned at the beginning—the system comprising an authentication server which hosts an authentication service, and a mobile terminal which is configured to communicate with the authentication server, wherein the authentication server comprises a memory containing identification data for identifying the user and an address of the mobile terminal linked with the identification data, wherein the mobile terminal is configured to verify or check a biometric security feature and comprises a memory containing a private key protected by a biometric security feature—by the fact that the mobile terminal is configured to perform an enquiry for input of a biometric security feature upon receipt of a request comprising a transaction identifier from the authentication service, to grant the access to the private key upon input of an authorized security feature, to sign the transaction identifier using the private key and to transmit the signed transaction identifier back to the authentication service. Thus, the authentication service forms a central point of contact for the authentication of the registered users, wherein the mobile terminals used for the authentication itself and the process flow of the biometric authentication are transparent (i.e. not visible) for the accessing application. The application has to be coupled with the authentication service just once, or a mutual trust or confidence has to be established just once. Then subsequent authentications can be initiated preferably by an initial communication of the application with the authentication server. As a matter of course, the authentication service remains coupled to each mobile terminal or to the biometric reader; it is, however, sufficient to perform said process only once for any number of external applications.
In particular, the processing stages explained above, which are carried out on the mobile terminal, can be implemented by an authentication application installed in the mobile terminal so that a mobile terminal can also be equipped subsequently by retrofitting (e.g. downloading) the authentication application for the present method. The identification data used by the authentication service for the determination of the mobile terminal to be contacted can either identify a user, so that the mobile terminals registered by said user can be determined, or they can point in another manner to the mobile terminal allocated to the user. The biometric security feature may be a fingerprint, an iris scan, a face recognition or a DNA analysis, wherein, in some cases, the number of authentication attempts and the time intervals between the attempts can be limited in order to make a bypass of the authentication more difficult and in order to increase the safety of the method altogether. In order to inform the user, in addition to the temporal correlation (the transaction is usually triggered by the user himself/herself within the frame of the external application), of the fact why an authentication is necessary, an authentication reason, e.g. a description of the transaction, may be transmitted to the mobile terminal besides the transaction identifier and can be displayed to the user together with the enquiry of the security feature. Furthermore, upon receipt of the confirmation of the query the application can transmit or display to the user a message about the effected approval, wherein the notification can also be effected implicitly only by the grant of access to a secured part of the application.
The authentication method can be used practically any time and, thus, universally, when the authentication service is connected with the mobile terminal via a mobile (i.e. wireless, long-range) data connection, e.g. 3G, UMTS, LTE or comparable technologies. Preferably, also the querying application is connected via a TCP/IP connection for the initialization of the communication with the authentication server. Practically any mobile data connection enabling a communication via a TCP/IP connection between the mobile terminal and the authentication service can be employed. In this manner, also everyday authentication procedures, as for instance when ordering a film on a set top box, at a cash machine or automatic teller machine, in bank transactions at the bank counter, when shopping or purchasing, or in case of access controls, can be carried out by applying the present authentication method.
In order to establish the equivalence of the method with a direct or local biometric authentication, it is beneficial if the access to the private key will only be granted after input of an authorized biometric security feature. This means that the private key at the mobile terminal is exclusively reserved for the purpose of the biometric authentication. In this connection, the attributes (length, period of validity, used algorithm) of the private key should be chosen such that the safety of the authentication is thereby identical to or approximately identical to the safety of a direct biometric authentication.
In order to be able to clearly identify the terminal by means of which the authentication was carried out, and to be able to check or verify whether it is the mobile terminal determined for the purpose of authentication, corresponding to the identification data, and being contacted by the authentication service, it is advantageous if the authentication service verifies the signed transaction identifier with a public key which is linked with the identification data and is deposited in the memory of the authentication server. Correspondingly, such a verification is successful when the transaction identifier was signed with that private key which corresponds to the deposited public key. If a terminal other than the contacted terminal had signed the transaction identifier, the verification would fail even when the signature is verifiable with another, possibly even registered public key or even when the signature can be decoded therewith.
Furthermore, it is also favorable if the authentication service signs the confirmation using a user-independent private key. The confirmation would be signed correspondingly prior to the transmittal back to the application. In this manner it can be prevented that the confirmation permits conclusions with respect to the user or the mobile terminal which go beyond the identification data. In particular, the confirmation does not contain any signature or other characteristic features which could be attributable to the user or the mobile terminal, apart from those that are already contained in the identification data and, inevitably, are known to the application anyway. Thereby, private data of the user, e.g. in which time periods which mobile terminal is used, how often the user changes the mobile terminal or the like, are protected by the authentication service and hidden from the accessing applications.
Moreover, it has turned out to be particularly advantageous if, together with the transaction identifier, a transaction characteristic modifiable by the user at a mobile terminal is transmitted, and, together with the signed transaction identifier, a corresponding, possibly modified transaction characteristic is transmitted. In this connection, the transaction characteristic can comprise any data associated with the query or the transaction identifier. While the transaction identifier preferably is distinct or even unique in order to avoid a confusion of different transactions in the authentication service, the transaction characteristic can take up arbitrary values. In particular, these can be data and values which characterize the transaction so that the authentication can be used e.g. as a conditional approval of a transaction specified in more detail by the transaction characteristic. Accordingly, a value of the transaction characteristic confirmed by the authentication, in particular by taking into consideration possible modifications carried out at the mobile terminal, will be forwarded together with the confirmation to the application. For instance, an approved amount of payment in a payment transaction, or the duration of an approval in case of a service, or the duration of a temporary authorization can be assigned to a transaction as a transaction characteristic. Thus, when an approved amount of payment is transmitted, it is possible that by the authentication only a part of a total transaction amount is approved, and then, subsequently, on the part of the application it can be attempted to obtain an approval for the remainder of the total transaction amount in another way, e.g. via a further user linked with the transaction, whose identification data are known. In this manner, for instance joint bills can be shared by several participants and can be partly paid by each participant.
While the transaction identifier is preferably generated and allocated by the authentication service, the transaction characteristic is determined or at least initialized by the application and possibly modified by the mobile terminal.
In particular for safety-critical transactions or in order to verify a consensus between several authorized parties, it is furthermore particularly advantageous if the authentication service determines the addresses of at least two mobile terminals on the basis of the identification data and transmits a request comprising a transaction identifier to the at least two mobile terminals, wherein a confirmation of the query will only be transmitted to the application when an authentically signed transaction identifier has been received from all terminals. Thus, for instance, a verification or checking of a transaction according to the dual control principle, i.e. two (or more) users have to release or enable the transaction, can be realized when the identification data are linked correspondingly with at least two users. In this case, the at least two mobile terminals are each linked to the different users. It is, however, also possible to additionally protect a multiple biometric authentication of an individual user in this manner, when the at least two mobile terminals are linked to the same user and verify different biometric security features, e.g. a fingerprint as well as a face recognition. Analogously, it is also conceivable that two different users are requested one after the other to input a respective biometric security feature on the same mobile terminal.
In connection with such a multiple authentication it is advantageous if the authentication service observes a verification sequence, wherein a transaction identifier authentically signed by a first mobile terminal is transmitted to a second mobile terminal, and wherein a confirmation of the query will be transmitted only when a transaction identifier authentically signed by all mobile terminals is present. In this way, the process flow of the authentication can be defined beforehand, and there can be realized for instance an incremental approval (i.e. an approval at stages). In case of a plurality of queries that have not yet been authorized, for instance, a preselection can be delegated so that the last authentication in the verification sequence will only be initiated if the corresponding transaction has already been released or authorized in a single-stage or multi-stage preselection.
In order that the application can perform the authentication without any adaptation of the query and thus without a change of the application also after a change of the mobile terminal or in case of the use of several mobile terminals, it is favorable if the identification data comprise a user identifier registered at the authentication service by the user and being independent of the address of the mobile terminal. Thus, the user identifier is practically representative of one or several mobile terminals of the user or of at least one user for which the biometric authentication is performed in the end. Thus, if the user uses another or an additional mobile terminal, he/she is able to just inform the authentication service thereof in a simple manner, whereupon immediately all applications accessing the authentication service can make use of the new terminal and can profit therefrom.
In order to avoid a manipulation of the authentication method or at least to make it more difficult, it is advantageous if, for the initialization of the authentication method, the private key is generated at the mobile terminal and is coupled with an authorized biometric security feature. The private key is preferably stored in a secured memory of the mobile terminal and shall never leave the mobile terminal. Correspondingly, a key pair is generated internally in the mobile terminal, and only the public key of the key pair is transmitted to the authentication service. In order to avoid a counterfeiting of the authentication by an illegal transmission of the private key, an IMEI (International Mobile Equipment Identity) of the mobile terminal can be used as a part of the key. The IMEI or a comparable identification feature of the mobile terminal can for instance be attached to a randomly generated key or can be put in front of the key.
For the protection of the authentication method and for the avoidance of a fraudulent use of a stolen mobile terminal by third parties, it is favorable when, for the termination of the authentication method, the authentication service transmits an erase instruction to the mobile terminal, and the mobile terminal erases the private key permanently upon receipt of the erase instruction. Thereby it is impossible to further create valid signatures for transaction identifiers with the mobile terminal, and thereby the mobile terminal is unsuitable for future authentications.
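As an added example that is not part of the patent text, the following Go simulation carries the exchange described above through end to end: the service generates the transaction identifier, the terminal unlocks its private key only after a (simulated) biometric check and may return a modified transaction characteristic, the service verifies each reply with the public key deposited for that particular terminal, requires every linked terminal in turn (dual control), signs the confirmation with its own user-independent key, and the erase instruction leaves the terminal unable to sign. The Approve callback standing in for the user dialogue, Ed25519 as the signature algorithm, the in-process transport (a terminal pointer stands in for its address) and the sample amounts are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signed: transaction identifier, characteristic, signature over both (reply and confirmation).
type Signed struct{ TxID, Char string; Sig []byte }
func msg(txID, c string) []byte { return []byte(txID + "|" + c) }
// Terminal: authentication application on the mobile terminal; the key pair is generated here and
// the private key never leaves it. Approve simulates the user dialogue (assumption of this example).
type Terminal struct {
	Approve func(c string) (string, bool) // returns possibly edited characteristic, biometric ok?
	priv    ed25519.PrivateKey
}
func NewTerminal(approve func(string) (string, bool)) (*Terminal, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only the public key leaves the terminal
	return &Terminal{approve, priv}, pub
}
func (t *Terminal) Erase() { t.priv = nil } // reaction to the service's erase instruction
// Sign unlocks the key only after an authorised biometric feature was input, then signs.
func (t *Terminal) Sign(txID, c string) (Signed, error) {
	if c, ok := t.Approve(c); ok && t.priv != nil {
		return Signed{txID, c, ed25519.Sign(t.priv, msg(txID, c))}, nil
	}
	return Signed{}, errors.New("no authorised biometric feature input or key erased")
}
// Service: identification data -> linked terminals (the pointer stands in for the address),
// public key deposited per terminal, and a user-independent key pair that signs confirmations.
type Service struct {
	Users   map[string][]*Terminal
	Keys    map[*Terminal]ed25519.PublicKey
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	txCount int
}
func NewService() *Service {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Service{map[string][]*Terminal{}, map[*Terminal]ed25519.PublicKey{}, priv, pub, 0}
}
func (s *Service) Register(userID string, t *Terminal, pub ed25519.PublicKey) {
	s.Users[userID], s.Keys[t] = append(s.Users[userID], t), pub // deposit the public key
}
// Authenticate handles one application query: every linked terminal is contacted in turn and
// must return the identifier signed with the key deposited for it (dual control when several);
// the characteristic confirmed by one terminal is carried to the next and to the application.
func (s *Service) Authenticate(userID, char string) (Signed, error) {
	terms := s.Users[userID]
	if len(terms) == 0 {
		return Signed{}, errors.New("unknown identification data")
	}
	s.txCount++
	txID := fmt.Sprintf("tx-%06d", s.txCount) // generated and allocated by the service
	for _, t := range terms {
		sg, err := t.Sign(txID, char)
		if err != nil || sg.TxID != txID || !ed25519.Verify(s.Keys[t], msg(sg.TxID, sg.Char), sg.Sig) {
			return Signed{}, errors.New("no authentic signature from a linked terminal")
		}
		char = sg.Char
	}
	return Signed{txID, char, ed25519.Sign(s.priv, msg(txID, char))}, nil
}
```

The confirmation returned to the application carries only the service's signature, so the application can check it with the service's public key but learns nothing about which terminal signed.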